[Cryptography] Near field and crypto

Sean Lynch seanl at literati.org
Mon Apr 4 13:21:49 EDT 2016


On Sun, Apr 3, 2016 at 11:16 PM, Tom Mitchell <mitch at niftyegg.com> wrote:

> Near field devices are in anything and everywhere.
>
> Modern phones can read or present an NFC ID on demand.
> Apple uses NFC for payment on some models of phone.
>
> They can contain between 96 and 4,096 bytes of information,
> which is sufficient to pass an interesting sized key, a URI,
> or to unlock a keyring with a locked PGP private key.
>
> NFC and RFID devices are easy to hide on benches in public places.
> A set of passive RFID devices uniquely identifies most individuals.
>
> Could passive RFID/NFC in a shoe, jacket or purse become the next
> big data slurp target?
>
> Could these devices be the critical long set of bits that when combined
> with modest known salt be a useful part of key management systems?
>
>
Sure, I already use a Yubikey NEO, which supports both NFC and direct USB
plug-in, for a few different crypto apps. I use it as a second factor via
FIDO U2F. I store my OATH-TOTP secrets in it. And it holds RSA keys for PGP
crypto, PGP signing (of documents, not keys), and SSH authentication. There
is an applet that will store static passwords as well, but you really don't
want to use anything that can be read out of the device. Better to have the
device do some crypto operation that can't be used to figure out the secret
it stores. Protected with a passphrase, of course, to slow down anyone who
steals it long enough that you can revoke the secrets stored on it.
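
The contrast drawn in the reply above, between a secret that can be read out of a device and a device that only performs a crypto operation with it, as an added example that is not part of the original post and is not the YubiKey's actual protocol. It is a simplified HMAC-SHA256 challenge-response model; the class names and the 32-byte sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Hypothetical tag or applet that hands out its stored secret verbatim."""
    def __init__(self, secret):
        self._secret = secret
    def read(self):
        return self._secret  # any reader in range now holds the secret itself

class ChallengeResponseToken:
    """Hypothetical token: the key stays inside, only HMAC(key, challenge) leaves."""
    def __init__(self, key):
        self._key = key
    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Verifier:
    def __init__(self, key):
        self._key = key
        self._pending = None  # the one outstanding challenge, single use
    def new_challenge(self):
        self._pending = secrets.token_bytes(32)
        return self._pending
    def check_static(self, presented):
        return hmac.compare_digest(presented, self._key)
    def check_response(self, response):
        challenge, self._pending = self._pending, None  # consume the challenge
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    verifier = Verifier(key)
    observed_static = StaticTag(key).read()  # one read-out seen in transit
    token = ChallengeResponseToken(key)
    observed_response = token.respond(verifier.new_challenge())
    first_use = verifier.check_response(observed_response)
    verifier.new_challenge()  # a later session gets a fresh challenge
    return (verifier.check_static(observed_static),     # static value still accepted
            first_use,                                   # legitimate exchange accepted
            verifier.check_response(observed_response))  # old response rejected

if __name__ == "__main__":
    print(demo())
```

A value observed from the static tag remains valid until the secret is changed, while an observed response is bound to one challenge and is rejected in any later session.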